Jan Vidar Elven JanVidarElven

@JanVidarElven
JanVidarElven / deploy-security-copilot.yml
Created April 5, 2024 19:22
Deploy or Destroy Copilot for Security Capacity with Bicep and DevOps Pipelines
name: CD-$(rev:r)-Deploy-Security-Copilot-$(Date:dd.MM.yyyy) # build numbering format
trigger: none
schedules:
- cron: "0 7 * * 1-5"
  displayName: Morning weekdays
  branches:
    include:
    - main
@JanVidarElven
JanVidarElven / AzureAD_SelfSignedCert_AppCreds.ps1
Last active November 20, 2023 13:04
Application Certificate Credentials
# Connecting with Azure AD PowerShell Module to Manage Application Credentials for Self Signed Certificates
# Connecting to Tenant
$tenantId = 'elven.onmicrosoft.com'
Connect-AzureAD -TenantId $tenantId
# Get an existing application and set some variables
$myApp = Get-AzureADApplication -SearchString "MyDemoCertApp"
# Register Azure AD App Proxy Connector
# Note: a credential object cannot be used with MFA-enabled administrator accounts; use an offline token instead
$User = "<username of global administrator>"
$PlainPassword = '<password>'
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $SecurePassword
Set-Location "C:\Program Files\Microsoft AAD App Proxy Connector"
.\RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft AAD App Proxy Connector\Modules\" `
@JanVidarElven
JanVidarElven / AzureAutomationAuthToAzureADwithServicePrincipal.ps1
Created July 11, 2018 11:03
AzureAutomationAuthToAzureADwithServicePrincipal
<#
.SYNOPSIS
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
.DESCRIPTION
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
It uses an Azure Run As Account connection that must be created beforehand.
You have to import the AzureAD module from the Automation module gallery, if it's not already there.
AUTHOR: Jan Vidar Elven [MVP]
@JanVidarElven
JanVidarElven / AddManagedIdentityMSGraphAppRoles.md
Last active March 15, 2022 09:36
ManagedIdentityAddMSGraphAppRoles

Add Microsoft Graph Application Permissions (Roles Claim) to MSI

The following commands must be run in Windows PowerShell and with the AzureAD Module. Remember to Connect-AzureAD with Global Administrator Privileges first.

Part 1 - Get Managed Identity Service Principal

Display Name of Managed Identity

# Get SPN based on MSI Display Name
@JanVidarElven
JanVidarElven / GetTeamsAdminCenterToken.ps1
Last active March 1, 2021 20:41
GetTeamsAdminCenterToken
# Connect to Azure AD Organization as Admin
Connect-AzureAD
#region Part 1 - Azure AD App
# Create a new App Registration for Teams Admin Center
$azureAdApp = New-AzureADApplication -DisplayName "Teams Admin Center API" -ReplyUrls "https://localhost", "urn:ietf:wg:oauth:2.0:oob"
$keyStartDate = "{0:s}" -f (get-date).AddHours(-1) + "Z"
$keyEndDate = "{0:s}" -f (get-date).AddYears(1) + "Z"
@JanVidarElven
JanVidarElven / GetMyPIMAzureADRoles.ps1
Last active February 19, 2021 08:37
PIM Automation
# Requires Windows PowerShell
# Requires AzureADPreview PowerShell Module
# Connect to Azure AD
Connect-AzureAD
# Get Tenant Detail
$tenant = Get-AzureADTenantDetail
# Get User
swagger: '2.0'
info: {title: JanVidarElven Github Connector, description: GitHub API Connector for
    JanVidarElven, version: '1.0'}
host: api.github.com
basePath: /
schemes: [https]
consumes: []
produces: []
paths:
  /repos/{owner}/{repo}/contents/{path}:
# Description: Sets Azure AD Connect Password Write Back AD Permissions
# Created by: Jan Vidar Elven, Enterprise Mobility MVP, Skill AS
# Last Modified: 01.06.2016
# Run this on-premises for your domain/forest
Import-Module ActiveDirectory
#region Initial Parameters/Variables
# Domain Controller in the desired domain; leave blank if using the current domain
# Azure AD v2 PowerShell Module CmdLets for working with Extension Attribute Properties
# Connect to Azure AD with Global Administrator
Connect-AzureAD
# Get a User and Read Extension Properties
$aadUser = Get-AzureADUser -ObjectId "<youruser>"
$aadUser | Select -ExpandProperty ExtensionProperty
# Serialize User Object to JSON